Microsoft locks down Wi-Fi geolocation service after privacy concerns

In response to privacy concerns over its Wi-Fi-based location database, …

Microsoft has restricted its Wi-Fi-powered geolocation database after a researcher investigating Wi-Fi geolocation and position tracking raised privacy concerns about the information recorded. This follows a similar move from Google, amidst identical privacy complaints.

A number of companies including Microsoft, Google, and Skyhook operate Wi-Fi geolocation databases as a means of providing quick and reasonably effective location information to phones, tablets, and laptop computers. Every Wi-Fi and Ethernet device has a unique identifier called a MAC address. Wi-Fi access points broadcast their MAC addresses so that any nearby machines can see the access point and connect to it. Companies building geolocation databases collect access point MAC addresses together with the GPS coordinates at which each one was observed, then make the result available through an online lookup service. (Community projects such as Wigle accumulate similar databases.)

Smartphones and laptops can use these databases to perform a quick location fix whenever they can see one or more Wi-Fi access points; they don't need to be connected to them. They do this by querying the database with the MAC addresses of the access points they can see. As long as an access point is in the database, and hasn't moved too far from wherever it was when its information was recorded, the device knows that it's close to that access point's recorded location.

The initial data to populate these databases comes from two main sources. Both Microsoft and Google have vehicles that are driven around to listen for access points and note their MAC addresses and locations. The companies also use data from smartphones; Windows Phone and Android devices can both send access point MACs and GPS coordinates to the companies' respective services, so that the databases can be expanded to make them more accurate and useful. They also send cell tower IDs, if available, for the same reason.

This data collection has itself come under scrutiny, after both Apple and Google were found to be storing the data on-phone, potentially allowing other software on the phone (or software with access to handset backups on a computer) to determine not only your current location, but everywhere you have been in the past. Microsoft sidestepped this particular issue, as Windows Phone doesn't keep such a history (and the company even released the source code to prove that it does nothing untoward).

The new privacy concern is that these databases can capture MAC addresses that belong not to access points, but rather to smartphones themselves. Many phones have the ability to act as a mobile hotspot—converting themselves into a miniature access point to share their connections. If an Android or Windows Phone connects to one of these access points and sends the data to the central database, the information recorded is not merely the location of a mobile access point; it's the location of someone's phone, and by extension, the person themselves.

CNET reported on Google's database in June after it was discovered to be chock full not only of access point MAC addresses but also laptop and smartphone addresses. A couple of weeks after that report, Google modified its service to restrict access. Specifically, Google changed the service so that it required two nearby MAC addresses to be entered instead of just one. This alteration meant that it was no longer possible just to query a particular phone's MAC address to find out where the person was.

Microsoft altered its service in response to a similar CNET report, based on work from researcher Elie Bursztein. Bursztein was investigating the ability to track where a laptop had been by analyzing the Wi-Fi data stored by Windows whenever it connects to an access point. To do this, he needed a MAC location database. Initially he used Google's, but had to switch to Microsoft's after Google made its change.

Now Microsoft's service isn't an option, either; with the change Redmond has made, its service too requires multiple MAC addresses to be sent before it will return a location. If you want an approximate location when only one access point is visible—perhaps a rarity in the city, but far from unheard of in less built-up areas—Microsoft isn't going to give you one.

The best solution?

In many ways, the change is unfortunate. Wi-Fi-based positioning is a useful feature to have, especially for laptop computers that are regularly Wi-Fi enabled but usually lack GPS hardware. Geolocation is a feature found in HTML5 and supported by all modern browsers to enable services such as foursquare and location-based search. Instead of restricting the feature, a move in the opposite direction—publishing the API, making it readily accessible to third parties, and building in system-wide support for it—would be a valuable improvement both to Windows and the Internet-connected world as a whole.

Windows 7 offers a standardized API for GPS and other sensors, but it's not widely used. A third-party Wi-Fi positioning module exists, which enables Windows to, for example, automatically pick the right location for its weather widget, but it suffers from a lack of high quality databases. A first-party equivalent, using Microsoft's database, would be a welcome addition to the platform.

It's also not clear just how big the privacy issue even is. The MAC addresses of stationary Wi-Fi access points are not in any meaningful sense "private"—they're broadcast to the world, and the only information they can communicate is the device or chipset's manufacturer.

CNET claims that "hundreds of millions" of smartphones are used as mobile access points. With many network operators making Wi-Fi tethering a paid extra, and the popular iPhone not even supporting tethering until earlier this year, that's a number that feels more than a little high. 3G base stations are also susceptible to this tracking issue, but equally, there aren't hundreds of millions of those in circulation. So long as Microsoft's database isn't routinely recording the whereabouts of every MAC address it sees but only those belonging to access points, then smartphone entries in the database should be unusual. There's no evidence that Microsoft is indiscriminately recording MACs (though there is some evidence that Google has done so), and so its database ought to be relatively "clean."

If the company were to automatically remove those access points that appear to move around—as Google does—then the ability to track phones, laptops, and 3G base stations would be diminished further still. A blacklist feature to allow privacy-conscious users to forbid the recording of their access point or smartphone MAC addresses would appear to address any remaining privacy concerns. And since MAC addresses do generally identify manufacturers, some entries—those from companies which make smartphones but not Wi-Fi access points—could also be rejected; there's no reason to ever accept a MAC originating from HTC, for example.

Google and Microsoft have, however, made their choices; they've plumped for privacy over convenience and robustness.